Avast Antivirus Harvested Users Data And Sold It Google, Microsoft, IBM And Others
Avast has evidently been harvesting user data through opt-ins that don't tell the complete story to its antivirus users. If you believed your antivirus protected you from malware, turns out it did that at the cost of sharing your entire online existence with the buyers, including the likes of Google, Pepsi, and Home Depot.
Avast Antivirus Harvested Users Data and Sold it Google, Microsoft, IBM and Others
A Motherboard and PCMag investigation has revealed that documents from Jumpshot, an Avast subsidiary, "shine new light on the secretive sale and supply chain of peoples' internet browsing histories." Avast antivirus program has been collecting data from its users, which is then repackaged by Jumpshot into different products sold to some of the biggest companies in the world.
While Avast says it collects that data through opt-ins, multiple users of its antivirus program were unaware of what they were agreeing to, which begs the question of how open about this practice Avast was to its users. It is unclear when these opt-ins started, but several users noticed receiving these notifications that asked antivirus users to opt back into data collection. This new opt-in message reads:
The documents, from a subsidiary of the antivirus giant Avast called Jumpshot, shine new light on the secretive sale and supply chain of peoples' internet browsing histories. They show that the Avast antivirus program installed on a person's computer collects data, and that Jumpshot repackages it into various different products that are then sold to many of the largest companies in the world. Some past, present, and potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Home Depot, Condé Nast, Intuit, and many others. Some clients paid millions of dollars for products that include a so-called "All Clicks Feed," which can track user behavior, clicks, and movement across websites in highly precise detail.
Avast claims to have more than 435 million active users per month, and Jumpshot says it has data from 100 million devices. Avast collects data from users that opt-in and then provides that to Jumpshot, but multiple Avast users told Motherboard they were not aware Avast sold browsing data, raising questions about how informed that consent is.
Jumpshot sells a variety of different products based on data collected by Avast's antivirus software installed on users' computers. Clients in the institutional finance sector often buy a feed of the top 10,000 domains that Avast users are visiting to try and spot trends, the product handbook reads.
Users have always had the ability to opt out of sharing data with Jumpshot. As of July 2019, we had already begun implementing an explicit opt-in choice for all new downloads of our AV (antivirus), and we are now also prompting our existing free users to make an explicit choice, a process which will be completed in February 2020
Relax. That's what Avast told the public after its browser extensions were found harvesting users' data to supply to marketers. Last month, the antivirus company tried to justify the practice by claiming the collected web histories were stripped of users' personal details before being handed off.
The data collected is so granular that clients can view the individual clicks users are making on their browsing sessions, including the time down to the millisecond. And while the collected data is never linked to a person's name, email or IP address, each user history is nevertheless assigned to an identifier called the device ID, which will persist unless the user uninstalls the Avast antivirus product.
"It's almost impossible to de-identify data," said Eric Goldman, co-director of the High Tech Law Institute at Santa Clara University, who also took issue with an antivirus company monetizing users' data. "That just sounds like a terrible business practice. They're supposed to be protecting consumers from threats, rather than exposing them to threats."
"Users have always had the ability to opt out of sharing data with Jumpshot. As of July 2019, we had already begun implementing an explicit opt-in choice for all new downloads of our AV (antivirus), and we are now also prompting our existing free users to make an explicit choice, a process which will be completed in February 2020," the company said.
A few hours ago I came across the article Leaked Documents Expose the Secretive Market for Your Web Browsing Data at Medium. A subsidiary of the manufacturer of an antivirus program that is used on hundreds of millions of systems sells highly sensitive browser data of its users to third parties. Buyers include many of the world's largest companies, such as Home Depot, Google, Microsoft, Pepsi, and McKinsey.